cheng/libtiff
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

* tools/tiffdump.c (ReadDirectory): Remove uint32 cast to

Browse Source 
_TIFFmalloc() argument which resulted in Coverity report.  Added
more mutiplication overflow checks.
This commit is contained in:
Bob Friesenhahn 2016-11-19 15:42:46 +00:00
parent 1aa4ee54c8
commit 07e63bcdf8
2 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -1,3 +1,9 @@
2016-11-19 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
* tools/tiffdump.c (ReadDirectory): Remove uint32 cast to
_TIFFmalloc() argument which resulted in Coverity report. Added
more mutiplication overflow checks.
2016-11-18 Even Rouault <even.rouault at spatialys.com> 2016-11-18 Even Rouault <even.rouault at spatialys.com>
* tools/tiffcrop.c: Fix memory leak in (recent) error code path. * tools/tiffcrop.c: Fix memory leak in (recent) error code path.

10
tools/tiffdump.c
View File

@ -1,4 +1,4 @@
/* $Id: tiffdump.c,v 1.34 2016-07-10 16:56:18 erouault Exp $ */ /* $Id: tiffdump.c,v 1.35 2016-11-19 15:42:46 bfriesen Exp $ */
/* /*
* Copyright (c) 1988-1997 Sam Leffler * Copyright (c) 1988-1997 Sam Leffler
@ -427,7 +427,7 @@ ReadDirectory(int fd, unsigned int ix, uint64 off)
typewidth = 0; typewidth = 0;
else else
typewidth = datawidth[type]; typewidth = datawidth[type];
datasize = count*typewidth; datasize = TIFFSafeMultiply(tmsize_t,count,typewidth);
datasizeoverflow = (typewidth > 0 && datasize / typewidth != count); datasizeoverflow = (typewidth > 0 && datasize / typewidth != count);
datafits = 1; datafits = 1;
datamem = dp; datamem = dp;
@ -463,17 +463,17 @@ ReadDirectory(int fd, unsigned int ix, uint64 off)
{ {
datatruncated = 1; datatruncated = 1;
count = 0x10000/typewidth; count = 0x10000/typewidth;
datasize = count*typewidth; datasize = TIFFSafeMultiply(tmsize_t,count,typewidth);
} }
if (count>maxitems) if (count>maxitems)
{ {
datatruncated = 1; datatruncated = 1;
count = maxitems; count = maxitems;
datasize = count*typewidth; datasize = TIFFSafeMultiply(tmsize_t,count,typewidth);
} }
if (!datafits) if (!datafits)
{ {
datamem = _TIFFmalloc((uint32)datasize); datamem = _TIFFmalloc(datasize);
if (datamem) { if (datamem) {
if (_TIFF_lseek_f(fd, (_TIFF_off_t)dataoffset, 0) != if (_TIFF_lseek_f(fd, (_TIFF_off_t)dataoffset, 0) !=
(_TIFF_off_t)dataoffset) (_TIFF_off_t)dataoffset)